[SECURITY] [DLA 2111-1] jackson-databind security update

2020-02-20 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: jackson-databind Version: 2.4.2-2+deb8u11 CVE ID : CVE-2019-20330 CVE-2020-8840 It was found that jackson-databind, a Java library used to parse JSON and other data formats, could deserialize data without proper

[SECURITY] [DLA 2112-1] python-reportlab security update

2020-02-20 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: python-reportlab Version: 3.1.8-3+deb8u2 CVE ID : CVE-2019-17626 Debian Bug : 942763 It was found that ReportLab, a Python library to create PDF documents, did not properly parse color strings, allowing an